Office Professional Plus for Office 365 – Activation Process

Office 365 combines the Microsoft Office Professional Plus client suite with cloud versions of the following products and services: Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Lync Online. The Office Professional Plus offering provides the complete Office client suite as a monthly subscription service.

The Office Professional Plus subscription allows customers to purchase monthly licenses for each of their users. Each user license allows five concurrent installations. Both 32- and 64-bit versions of Office Professional Plus are available in Office 365. However, Microsoft recommends that you install the 32-bit version. You download and manage Office Professional Plus for Office 365 from the Office 365 portal. After you download Office Professional Plus for Office 365, you can make the Office suite available to users in your organization, based on the number of user licenses that you sign up for.

Office Professional Plus for Office 365 and volume licensed product comparison

	Office Professional Plus for   Office 365	Volume licensed products
Download   location	Office 365 portal	Volume Licensing Service Center
Software	Office   Professional Plus	Office   Standard 2010Office   Professional Plus 2010
Product   key and activation	Subscription-based   activationTerms:   monthly per user license	Volume   licensing technologies:Key   Management Service (KMS): 180 daysMultiple   Activation Key (MAK): perpetual activation
When   Reduced Functionality Mode (RFM) starts	In 60   days from last activation	MAK:   not applicableKMS:   in 180 daysNotification   mode
Deployment   options	Office   365 portalUnmanaged   and managed options	Unmanaged   and managed optionsMicrosoft   Application Virtualization (App-V)Remote   Desktop Services (Terminal Services)
Allowed   number of copies	5 active installations on different devices per user	One device   per license\activation

Office Professional Plus components and interactions

Office Professional Plus for Office 365 includes new activation technology that enables a monthly subscription model. Every month, Office Professional Plus automatically verifies the status of a user’s subscription. The validation process requires Internet access.

• If a user has a valid subscription, Office Professional Plus is activated for another 30 days.
  

• If the user’s subscription cannot be verified, Office Professional Plus enters a 30 day grace period.

During the 30 day grace period, Office Professional Plus tries to verify a user’s subscription every 24 hours. If, by the end of the 30 grace period, Office Professional Plus still has not been able to verify the status of a user’s subscription, Office Professional Plus will enter Reduced Functionality Mode (RFM)

Activation Components and Process

Office Professional Plus for Office 365 includes activation components that automatically obtain a product key and activate it. Office Professional Plus includes the following client components and services:

• Office Professional Plus client suite
  
• Subscription activation components:
  
  • Office Subscription Agent
    
  • OSA Notifier
    
  • Office Software Protection Platform (OSPP)
    
  • Office Subscription Service (OSS)
    

Office Professional Plus for Office 365 also uses Microsoft Office 365 Desktop Setup, an additional component that is downloaded from the Office 365 Portal. Microsoft Office Desktop Setup is an installer service that checks for and provides important software updates for Office 365.

Subscription activation components

Office Subscription Agent (OSA) is part of the Office Professional Plus for Office 365 download. OSA manages the client-side subscription experience and performs the following tasks:

• Completes initial subscription provisioning.
  
• Interacts with the Office Subscription Service that is described later in this article and the Office Software Protection Platform to manage subscription status and license state, and provides state messages to the subscription notification applications.
  
• Manages all licensing actions by using the Office Software Protection Platform.
  

Office Subscription Agent coordinates with Office Subscription Service and Office Software Protection Platform to apply business rules on the client computer for activation, renewal, deprovision, and reprovision of user subscriptions. OSA also notifies users about important subscription states and prompts for any input required for user account validation.

Office Subscription Agent includes two components:

• OSA core service: runs on the client computer as a network service. This service enforces business rules for the user subscription.
  
• OSA Notifier: runs in user context, notifies users about error conditions, and authenticates the user ID account. The OSA Notifier uses Microsoft Identity Client Runtime Library (IDCRL), a dynamic link library (DLL) file that is used by applications such as smart clients to authenticate user ID credentials.
  

Office also uses Office Software Protection Platform (osppsvc), which is a system service on the client that brokers the license state for installed Office software.

Office Subscription Service is a cloud-based service that manages subscriptions, users, and computers for use with Office Subscription Agent. In addition to interfacing with OSA, OSS obtains computer-specific product keys from the Sell keys service and manages Time Based Licensing parameters through the Activation Verification System (AVS), an Office Software Protection Platform system that manages activation licenses that are based on Time Based Licensing (TBL) parameters set by OSS.

There are four Office license states:

OOB_GRACE	Office was installed within the last 30 days but is not yet activated. Office is fully functional. During this state, Office prompts the user to enter user ID credentials to provision Office.
LICENSED	Office is in full-functionality mode and a key was successfully installed and activated.
EXTENDED_GRACE	Office is in full-functionality mode but is in risk of falling into RFM. This state lasts for 30 days and indicates that the key has not been successfully re-activated. This could be caused by the computer being “bumped” to make space on the license for another computer or by a user being de-provisioned. This can also be caused by an extended time without Internet connectivity, which prevents OSA from validating the user’s license.
NOTIFICATIONS	State indicates that Office is in RFM mode.

Activation process

Office Professional Plus for Office 365 offers a pay-as-you-go, per user licensing model. When a user’s Office Professional Plus subscription is canceled, Office enters reduced-functionality mode (RFM or read-only mode). In contrast to the traditional Office 2010 client activation, which requires that the user enter the 25 character product key, Office Professional Plus for Office 365 includes Office Subscription Agent. It is an add-on component that automatically obtains a product key and activates it. The user only has to enter a user ID and password one time to validate the subscription. A user can have up to 5 concurrent installations by using the same user ID and password.

OSA is installed during the Office Professional Plus for Office 365 installation. OSA is the mechanism through which Office Professional Plus full functionality is enabled or disabled, depending on the status of the user’s subscription. When installation is complete, the OSA system service and the OSA Notifier are started. These two processes are necessary for the correct functioning of an Office Professional Plus for Office 365 subscription.

The following graphic shows how OSA takes a user ID and password as input, contacts OSS to retrieve a 30-day product key, and then loads the key into OSPP. The key only licenses Office for 30 days. OSA contacts OSS once every 30 days to revalidate the subscription and extend the license period for an additional 30 days.

To verify the licensing state of the Office 365 clients, the clients must have reliable Internet access every 30 days.

Information Protection Technologies

Following is a table that recommends the most appropriate data protection technology that can be used to protect High Business Impact information while sharing it on different platforms:

Technology	IRM	S/MIME	EFS	BitLocker and BitLocker To Go™
Technology description	Enables you to apply specific access permissions to documents, workbooks, and presentations to prevent unauthorized forwarding, printing, or copying; and to set expiration dates after which files no longer are available or usable.	Enables you to encrypt and/or digitally sign your e-mail messages so that only the people you specify can access them.	Encrypts your files or folders, and requires users other than you to enter the appropriate decryption key before they can access the encrypted content.	Protects data on your computer by preventing unauthorized access to the hard disk drive
Transmit with internal e-mail	Acceptable solution	Preferred solution
Transmit with external e-mail		Preferred solution
Share by using SharePoint	Preferred solution
Share by using Sharepoint Workspaces	Preferred solution
Storing on a computer New hardware running Windows Vista® or newer	Acceptable solution		Acceptable solution	Preferred solution
Storing on a computer Old hardware running Windows Vista or older	Preferred solution		Acceptable solution
Storing on removable mediaUse Windows 7 or Windows Server® 2008 R2			Acceptable solution	Preferred solution

For more information and recommendations on How to Secure Business Information, download the Securing Business Information Work Smart Guide from Microsoft IT.

Collaboration Simplified with Sharepoint Server 2010

New Work Smart Guide on Sharepoint 2010 by Microsoft IT Showcase…

About Collaborating with SharePoint Server 2010

Microsoft® Office SharePoint® Server 2010 is designed to work effectively with other programs, servers, and technologies, including those in the Microsoft Office system.SharePoint Server 2010 extends from previous editions by providing additional features and capabilities. Use this guide to learn about these features and how to use them. Topics in this guide include: · Parts of a SharePoint Site · Create a New SharePoint Site · Adding Content to a SharePoint Site · Managing and Working with Site Content

Parts of a SharePoint Server 2010 Site

A site is a group of related intranet Web pages where an organization can work on projects, conduct meetings, and share information. For example, a team might have its own site where it stores schedules, files, and procedural information. A team site might be part of a larger organizational portal site, where departments post information and resources for the rest of the organization.

All SharePoint sites have common elements, including: lists, libraries, Web Parts, and views.

Lists

Lists are a Web site component that allows your organization to store, share, and manage information. For example, you can create a task list to track work assignments or team events on a calendar. You can also conduct surveys, or host discussions on a discussion board.

Libraries

Libraries are a special type of list that stores files as well as information about files. You can control how files are viewed, tracked, managed, and created, in libraries.

Web Parts

Web Parts are a modular unit of information that forms a basic building block of most Web pages on an intranet Web site. If you have permission to edit pages on your Web site, you can use Web Parts to customize your site to display pictures and charts, portions of other Web pages, lists of documents, customized views of business data, and more.

Views

Views allow you to see the items in a list or library that are most important to you, or that best fit a purpose. For example, you can create a view of all the items in a list that apply to a specific department, or to highlight particular documents in a library. You can also create multiple views of a list or library that people can select from. Finally, you can use a Web Part to display a view of a list or library on a separate page of your site.

SharePoint 2010 Server Site Specifics

How you install and configure SharePoint 2010 Server will affect what you see, and what options are available to you on your site.

Permissions

If you are assigned the default Full Control permission level, you have the full range of options to manage the site. If you are assigned to the Contribute or Read permission level, your options and access to site content are more limited. Many of the options discussed here are not available to users with the Reader permission level, which allows users to only read content, but not make changes to it. Because permissions are designed to be flexible and customizable, your organization may have its own unique settings.

Create a New SharePoint Site

You can go to the SharePoint Services webpage at http://sharepoint/Pages/hosting.aspx and follow the appropriate link to create a new SharePoint site in your region.

Adding Content to a SharePoint Site

You can add items to lists, and files to libraries, by using a Web browser. The buttons you use to perform the most common actions are located on the ribbon, which is near the top of the page on most site pages.

Buttons on the ribbon may be grayed out for any of the following reasons:

• The action is not applicable, or is dependent on some other action. For example, you must select the check box for a document before the Check Out button will become available.

• You do not have permission to complete the task.

• The feature is not enabled for this site. For example, workflows may not be enabled on this site.

You can also save files to a library from some client programs that are compatible with SharePoint Server 2010. For example, you can save a Microsoft Office Word document to a library on a SharePoint Server 2010 site while you are working in Office Word.

To add an item to a list, or a file to a library, you must have permission to contribute to the list or library. For more information about how your organization uses permissions and permission levels, ask your site owner or administrator.

When you add the item or file, other people who have permission to read the list can view the item or file, unless it requires approval. If the item or file requires approval, then it is stored in a pending state in the list or library, until someone with the appropriate permissions approves it. If you are already viewing the list or library when an item or file is added, you may need to refresh your browser to see the new item or file.

Lists and libraries can also take advantage of e-mail features, if incoming or outgoing e-mail is enabled on your site. Some lists, such as calendars, announcements, blogs, and discussion boards, can be set up so that people can add content to them by sending e-mail. Other lists, such as tasks and issue-tracking, can be set up to send e-mail to people when items are assigned to them.

In addition to adding content to existing lists and libraries, you may have permission to create new lists and libraries. The list and library templates give you a head start. Depending on your permission level, you can also create and customize new pages and sites.

Lists

Although there are different types of lists, the procedure for adding items to them is similar. This means you do not need to learn several new techniques to work with different list types. A list item contains text in a series of columns, but some lists may allow attachments to be added to the item as well.

Create a List

On many sites, some lists are already created for you. These default lists range from a discussion board, to a calendar list. If you have permission, you can also create lists from several types of list templates, which provide structure and settings to help you start.

To create a list:

1 Click Site Actions, and then click More Options

Important

If you do not see the Site Actions menu, you may not have permission to create a list.

2 On the Create page, click the type of list you want to create. For example, if you want to create a list of Links, then click Links.

3 Type a Name for the list, complete any other fields you want to complete, and then click Create.

Add an Item to a List

1 In the list where you want to add the item, click the Items tab on the ribbon. (It’s the Events tab for a calendar.)

2 Click New Item (New Event for a calendar).

Tip

You can also quickly add an event to a calendar by pointing to the date on the calendar, clicking Add, and then completing the fields in the dialog box that appears.

3 Complete the required fields and any others that you want to complete, and then click Save.

Edit or Delete an Item in a List

1 Point to an item, and then select the check box that appears next to the item.

Tip

You can perform actions on multiple items by selecting multiple check boxes.

2 On the Items tab on the ribbon, click either Edit Item or Delete Item, as required.

Libraries

A library is a location on a site where you can create, collect, update, and manage files with other team members. Each library displays a list of files and key information about the files, which helps people to use the files to work together.

You can add a file to a library by uploading it from your Web browser. After you add the file to the library, other people with the appropriate permission can see the file. If you are already viewing the library when someone adds a file, you may need to refresh your browser to see the new file.

If you are using a program that is compatible with SharePoint Server 2010, you can create a new file based on a template, while you are working in the library.

Create a Document Library

3 To create a document library, click Site Actions, and then click New Document Library.

Important

If you do not see the Site Actions menu, you may not have permission to create a library.

4 Type a name for the library, complete any other fields you want to complete, and then click Create.

Note

To see the other types of libraries you can create, click Site Actions, and then click More Options. Point to a library option to read a descriptor for that option.

Add a File to a Library

To add a file to a library:

1 In the library where you want to add the file, click the Documents tab on the ribbon.

2 Click Upload Document.

3 Browse to the document, and then click OK.

Note

If you are using a program that is compatible with SharePoint Server 2010, such as Office Word, you can drag and drop documents from the Windows Explorer window into the Upload Document dialog box.

Edit or Delete a File in a Library

To edit or delete a file in a library:

1 Point to a file, and then select the check box that appears next to the file.

2 On the Documents tab on the ribbon, click either Edit Document or Delete Document, as required.

When you create many types of sites, a default library called Shared Documents is created for you. Shared Documents is a document library that you can use for storing several types of files. You can create more libraries if you have permission to manage lists, such as a picture library for storing images.

Sites and Pages

A site can serve a general purpose, such as storing schedules, guidelines, files, and other information that your team frequently refers to. A site can serve a more specific purpose, such as keeping track of a meeting, or hosting a blog, where a member of your organization frequently posts news and ideas.

Your organization can use top-level sites, sub-sites, and pages, to divide site content into distinct, separately manageable sites.

A top-level site is at the top of the hierarchy in a site collection, from which you can manage site collection features. A top-level site can have multiple sub-sites.

A sub-site is a complete Web site stored in a named subdirectory of the top-level Web site. Each sub-site can have administration, authoring, and browsing permissions that are independent from the top-level Web site and other sub-sites.

For example, each department in your organization may have its own team sub-site that is part of a larger portal site.

You can add content to sites by adding lists and libraries. You may consider adding Web Part pages, which enable you to use Web Parts to quickly add dynamic content.

A Web Part page is a special type of Web page that contains one or more Web Parts. A Web Part page consolidates data—such as lists and charts— and Web content —such as text and images —into a dynamic information portal built around a common task.

Create a Site

If you need to create new sites, you can choose from several site templates to give you a head start on creating a new site. Whether you can create sites and sub-sites depends on how your organization has set up its sites, and its permissions to create them.

1 To create a site, click Site Actions, and then click New Site.

Important

If you do not see the Site Actions menu, you may not have permission to create a site.

2 Type a Title and URL name for the site.

3 Under Template Selection, select a site template.

4 Choose any other options you want, and then click Create.

Managing and Working with Site Content

There are several ways that you can manage and extend content in lists, libraries, and sites.

Navigating to Content

Navigation elements help people browse through the content that they need. Two navigation items that you can customize are the top link bar, and the Quick Launch.

By using the settings pages for each list or library, you can choose which lists and libraries appear on the Quick Launch. You can also change the order of links, add or delete links, and add or delete the sections into which the links are organized.

For example, if you have too many lists in the List section, you can add a new section for Tasks Lists, where you can include links to your tasks lists. You can make all of these changes to the Quick Launch from within a browser that is compatible with SharePoint Server 2010. You can also add links to pages outside the site.

The top link bar displays a row of tabs at the top of every page in the site, which allows users of your site to access other sites in the site collection. When you create a new site, you can choose whether to include your site on the top link bar of the parent site, and whether to use the top link bar from the parent site.

If your site is using a unique top link bar, you can customize the links that appear on the top link bar for the site. Any sub-sites that are created within the parent site can also be displayed on the top link bar, provided that the sub-sites are configured to inherit the top link bar of the parent site. You can also include links to other sites outside of your site collection.

Managing Access to Content

A site owner or administrator can grant permission levels to users, and to SharePoint groups that contain users. The permissions can be applied to a site, the lists and libraries on a site, and the items within the lists and libraries.

You can assign different permission levels for different objects, such as a specific site, list, library, folder within a list or library, list item, or document.

Organizing Lists

There are many ways to organize lists, such as using different views or adding new folders to your lists.

Some features help your team create and manage list items efficiently across several lists. For example, you can create a column that provides information about list items, and then share it across other lists.

Organizing Libraries

How you organize your files in a library will depend on the needs of your group, and on how you prefer to store and search for your information. For example, if you want to make a file available in multiple libraries, you can easily copy it to other libraries on your site. You can also request to be prompted for updates if the file changes.

You can also use the same features that you use in lists, such as views, and folders, to help you manage information.

Using Accessibility Features

Sites are designed so that lists, libraries, and other features can be fully accessed by using only keystrokes. A More Accessible Mode enables users of accessible technologies to more easily interact with menus and various controls. Skip to Main Content links enable keyboard users to skip over repetitive navigation links to the more meaningful content on a page.

The markup of headings is designed to better define the structure and improve navigation for people who use screen readers. Images that are uploaded to the site allow for custom alternative text to be defined. For example, you can assign custom alternative text to the image that appears on the home page in the Site Image Web Part, or to a picture that you add to a picture library. For viewing sites, the high contrast options in Windows work well for users with low vision.

Tracking Versions

Your list or library may be set up to track versions, so that you can restore a previous version and view a history of changes. When you track versions, any changes to the items or files and their properties are stored. This enables you to better manage content as it is revised, and even to restore a previous version if necessary. Versioning is especially helpful when several people work together on projects, or when information goes through several stages of development and review.

1 The current published major version is highlighted, and the version number is a whole number.

2 A new version is created when properties or metadata changes.

3 The first version of a file is always minor version number 0.1.

Co-authoring Documents

Two or more users can edit an Office Word document or Office PowerPoint® presentation at the same time. This new SharePoint Server 2010 feature enables you to read and write portions of a file stored in SharePoint Server 2010. For example, you can edit one paragraph in an Office Word document, while a colleague edits another paragraph in the same document and at the same time.

To learn more about document collaboration and co-authoring in SharePoint Server 2010, go to http://office.microsoft.com/en-us/sharepoint-server-help/document-collaboration-and-co-authoring-HA101812148.aspx.

Staying Updated on Changes

You can distribute and receive information, including updates to lists and libraries, in a standardized format by using RSS. A standardized XML file format allows users to use many different programs to view the information. You can also subscribe to lists and libraries by setting alerts, so that you know when content has changed.

A team can use RSS feeds as a way to customize their content for team members who subscribe to their feeds, and to offer links back to their Web sites. You can use RSS Feeds to track team progress and project updates. Instead of browsing multiple team Web sites, you receive the latest news or updates from those sites automatically.

Managing Workflow

Workflows help people to collaborate on documents and manage project tasks, by implementing specific business processes on documents and items in a site. Workflows help organizations to adhere to consistent business processes. Workflows can also improve organizational efficiency and productivity by managing the tasks and steps that are involved in specific business processes. This enables the people who perform these tasks to concentrate on performing the work, rather than managing the workflow.

Workflows can streamline the cost and time required to coordinate common business processes—such as project approval or document review—by managing and tracking the human tasks involved with these processes. For example, an organization can use a predefined Approval workflow or create and deploy a custom workflow to manage another business process.

To learn more about workflow and SharePoint Server 2010, go to http://office.microsoft.com/en-us/sharepoint-server-help/CH010372671.aspx.

Working with Content Types

Your list or library may support multiple content types. Content types enable organizations to organize, manage, and handle large amounts of content more effectively. If your list or library is set up to allow multiple content types, you can add content types from a list of available options that your organization frequently uses, such as Marketing Presentations, or Contracts.

After you add a content type to a list or library, you make it possible for that list or library to contain items of that type. Users can then use the New Item button in that list or library to create new items of that type.

One of the key advantages to content types for lists and libraries is that they make it possible for a single list or library to contain multiple item types or document types, each of which may have unique metadata, policies, or behaviors.

To learn more about working with content types, go to http://office.microsoft.com/en-us/sharepoint-server-help/CH010372670.aspx.

For More Information

· Basic Tasks in SharePoint Server 2010
http://office.microsoft.com/en-us/sharepoint-server-help/basic-tasks-in-sharepoint-server-2010-HA101839175.aspx

· SharePoint Server 2010 Help
http://office.microsoft.com/en-us/sharepoint-server-help/

Outlook 2010 For Dummies Cheat Sheet – For Dummies

I like this ….

Outlook 2010 For Dummies

From Outlook 2010 For Dummies by Bill Dyszel

Sending e-mail has never been easier than it is in Outlook 2010. Now that the Ribbon interface has been added to Outlook, you’ll find all the Outlook features you’ve come to love, plus many new ones. Use the handy Outlook 2010 For Dummies Cheat Sheet to orient yourself with Outlook’s new look and feel. There’s also a helpful table of Outlook shortcut keys.

 

Outlook 2010′s Mail Home Tab

The Mail Home tab on Outlook 2010′s Ribbon contains all the tools you need for daily e-mail messaging tasks as well as for managing the messages you accumulate and retain for reference. The following image shows you what each of Outlook 2010′s Mail Home tab buttons does.

 

 

Outlook 2010′s Calendar Home Tab

The Calendar Home tab on the Outlook 2010 Ribbon lets you choose how you prefer to view your appointments. You can choose among views for a Day, a Week, a Work Week, or a Month. You can also choose a Schedule view for seeing several schedules at once.

 

 

Outlook 2010′s Contacts Home Tab

Outlook 2010′s Contacts is more than just a list of names and e-mail addresses. You can take advantage of the Contacts Home tab on the Outlook 2010 Ribbon to create new contacts, to arrange the way you view the contacts you have, or to create e-mail messages or mail merge documents.

 

 

Outlook 2010′s Task Home Tab

More than just e-mail, Outlook 2010 can help you schedule and track projects both personal and professional. In the Tasks Home tab on the Outlook 2010 Ribbon, you’ll see tools for managing your workload more quickly and effectively. You can choose from a variety of views that help you keep track of pressing priorities.

 

 

Outlook 2010′s Notes Home Tab

You can store, find, and organize any random text data with the tools you see on the Notes Home tab on the Outlook 2010 Ribbon. With buttons for sorting, viewing, and categorizing your Outlook notes, you’ll never need to stick a little yellow note to your monitor ever again.

 

 

Outlook 2010 Keyboard Shortcuts

You can get things done a lot faster when you use Outlook, and you can work faster still if you use Outlook’s handy shortcut keys.

This Shortcut	Creates One of These
Ctrl+Shift+A	Appointment
Ctrl+Shift+C	Contact
Ctrl+Shift+L	Contact Group
Ctrl+Shift+E	Folder
Ctrl+Shift+M	E-mail message
Ctrl+Shift+N	Note
Ctrl+Shift+K	Task
Ctrl+Shift+J	Journal entry
Ctrl+Shift+Q	Meeting request
Ctrl+Alt+Shift+U	Task request
Ctrl+1	Mail
Ctrl+2	Calendar
Ctrl+3	Contacts
Ctrl+4	Tasks
Ctrl+5	Notes
Ctrl+6	Folder List
Ctrl+7	Shortcuts
Ctrl+8	Journal
Ctrl+S or Shift+F12	Save
Alt+S	Save & Close, Send
F12	Save As
Ctrl+Z	Undo
Ctrl+D	Delete
Ctrl+P	Print
F7	Check spelling
Ctrl+F	Forward

From: Outlook 2010 For Dummies Cheat Sheet – For Dummies.

Evaluate the real Power Consumption of your PC using PowerCfg

PowerCfg is a utility built into Windows 7 OS, that can be used for evaluating system energy efficiency of the system. IT professionals can use these PowerCfg enhancements to diagnose and resolve end-user problems with portable computer battery life and desktop energy efficiency.

In addition to power policy configuration, PowerCfg also enables system manufacturers to inspect a Windows platform for common energy efficiency problems. Many individual energy efficiency problems can be detected, including inefficient power policy settings, USB device selective suspend issues, and platform firmware problems that relate to processor power management capabilities. Here is a video that shows how to use PowerCfg to evaluate system energy efficiency and details the energy efficiency problems that might be detected.

Automating with Windows Powershell

Windows PowerShell™ is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell™ helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.

Built-in Windows PowerShell commands, called cmdlets, let you manage the computers in your enterprise from the command line. Windows PowerShell™ providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. In addition, Windows PowerShell™ has a rich expression parser and a fully developed scripting language.

Windows PowerShell™ includes the following features:

• Cmdlets for performing common system administration tasks, such as managing the registry, services, processes, and event logs, and using Windows Management Instrumentation.
• A task-based scripting language and support for existing scripts and command-line tools.
• Consistent design. Because cmdlets and system data stores use common syntax and naming conventions, data can be shared easily and the output from one cmdlet can be used as the input to another cmdlet without reformatting or manipulation.
• Simplified, command-based navigation of the operating system, which lets users navigate the registry and other data stores by using the same techniques that they use to navigate the file system.
• Powerful object manipulation capabilities. Objects can be directly manipulated or sent to other tools or databases.
• Extensible interface. Independent software vendors and enterprise developers can build custom tools and utilities to administer their software.

Watch this video to see how easily you can automate IT Tasks with Windows Powershell:

 

Technorati Tags: Powershell,Windows 7,Windows Server 2008,R2,exchange,scripting

What makes Windows 7 and Windows Server 2008 ‘Secure by Default’

Security is an integral part of how Microsoft’s new Client (Windows 7) and Server (Windows Server 2008) are designed and coded.

Microsoft Security Development Lifecycle

The concepts that make up the Microsoft Security Development Lifecycle (SDL) were formed with the Trustworthy Computing (TwC) directive of January 2002. At that time, many software development groups at Microsoft instigated "security pushes" to find ways to improve the security of existing code.

Becoming a mandatory policy in 2004, the Microsoft SDL was designed as an integral part of the software development process at Microsoft. The development, implementation and constant improvement of the SDL represents a strategic investment for Microsoft, and an evolution in the way that software is designed, developed, and tested.

Watch this video to know what makes Windows 7 and Windows Server 2008 ‘Secure by Default’ and ‘Secure by Design’

 

 

The Microsoft SDL has now matured into a well defined methodology. The increasing importance of software to society emphasizes the need for Microsoft and the industry as a whole to continue to improve software security. To that end, Microsoft committed in 2005 to supporting a more secure and trustworthy computing ecosystem and has made guidance papers, tools and training resources available to the public.

Next Steps

Know more about the Security in Windows Server 2008 and Windows Server 2008 R2

Know more about Security Enhancements in Windows 7

 

 

Technorati Tags: Windows 7,Security,Windows Server 2008,R2,SDL

Using a Data Recovery Agent to Recover BitLocker-Protected Drives in Windows 7

Data recovery agents are individuals whose public key infrastructure (PKI) certificates have been used to create a BitLocker key protector, so those individuals can use their credentials to unlock BitLocker-protected drives. Data recovery agents can be used to recover BitLocker-protected operating system drives, fixed data drives, and removable data drives. However, when used to recover operating system drives, the operating system drive must be mounted on another computer as a data drive for the data recovery agent to be able to unlock the drive. Data recovery agents are added to the drive when it is encrypted and can be updated after encryption occurs.

Pre-requisites

To complete the procedures in this scenario:

• You must be able to provide administrative credentials.
• Your computer must meet BitLocker requirements.

 

Complete the following procedures in order.

To enable BitLocker to use self-signed certificates

1. Click Start, type regedit in the Search programs and files box, right-click regedit.exe, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

2. In Registry Editor, navigate to \HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE.

3. On the Registry Editor menu, click Edit, point to New, and then click DWORD (32-bit) Value.

4. Type SelfSignedCertificates, and then press ENTER to create the SelfSignedCertificates key value.

5. Right-click SelfSignedCertificates, and then click Modify.

6. In Value data, type 1.

BitLocker can now use self-signed certificates.

To obtain a self-signed certificate to test BitLocker and data recovery agents

1. Open a text editor such as Notepad, and paste the following information into a new file:

   [NewRequest]

   Subject = "CN=BitLockerDRA"

   KeyLength = 2048

   ProviderName = "Microsoft Smart Card Key Storage Provider"

   KeySpec = "AT_KEYEXCHANGE”

   KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"

   KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"

   RequestType = Cert

   SMIME = FALSE

   [EnhancedKeyUsageExtension]

   OID=1.3.6.1.4.1.311.67.1.2

2. Save the file with the name bldracert.txt.

3. Insert a smart card into the smart card reader of the computer.

4. Click Start, type cmd in the Search programs and files box, right-click cmd.exe, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

5. In the Command Prompt window, navigate to the location where you saved the blcert.txt file, and type certreq –new bldracert.txt to request a new certificate based on the parameters identified in the file. There may be a slight delay while the request is carried out, and you may be prompted to insert your smart card and type your PIN.

6. When prompted to save the request file, type a file name, and click Save.

You now have a data recovery agent smart card certificate that is appropriate for use with BitLocker.

To export a BitLocker DRA certificate

1. Click Start, and then type certmgr.msc to open the Certificates snap-in.

2. In the console tree, expand Personal, and then click Certificates.

3. Double-click the BitLockerDRA certificate to display the certificate properties sheet.

4. Click the Details tab, and then click Copy to File to start the Certificate Export Wizard.

5. On the Welcome to the Certificate Export Wizard page, click Next.

6. On the Export Private Key page, verify that No, do not export the private key is selected, and then click Next.

7. On the Export File Format page, verify that DER encoded binary x.509 (.CER) is selected, and then click Next.

8. On the File to Export page, click Browse to display the Save as dialog box. In File name, type BitLockerDRA. In Save as type, verify that DER Encoded Binary X.509 (.cer) is selected, and then click Save to return to the File to Export page. The File name box on the wizard page should now display the path to the BitLockerDRA.cer file in your document library. Click Next.

9. On the Completing the Certificate Export Wizard page, verify that the information displayed is correct, and then click Finish.

10. When the certificate has been exported, the Certificate Export Wizard dialog box will be displayed with the message The export was successful. Click Close to close the dialog and the wizard.

To add a BitLocker data recovery agent and unlock a drive

1. Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

3. In the console tree under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Public Key Policies, right-click BitLocker Drive Encryption, and then click Add Data Recovery Agent to start the Add Recovery Agent Wizard.

4. On the Select Recovery Agents page, click Browse Folder to select the BitLockerDRA.cer file you exported in the previous procedure. If you did not need to export a certificate because you already had deployed a PKI with the necessary certificates, click Browse directory to choose a certificate from Active Directory Domain Services.

5. If you are prompted to install the certificate, click Yes. You can repeat this process as necessary to add multiple data recovery agents. After all data recovery agent certificates you want to use have been specified, click Next.

6. On the Completing the Recovery Agent Wizard page, click Finish to add the data recovery agent.

7. If you have not configured the Group Policy setting to specify the BitLocker identification field, complete Configuring the BitLocker Identification Field (Windows 7) before continuing with this scenario.

8. Encrypt a data drive as described in Turning On BitLocker Drive Encryption on a Fixed or Removable Data Drive (Windows 7). For a data recovery agent to be able to unlock a drive, the BitLocker identification field must be present and match the identification field defined for your organization.

9. To put the drive into a locked state so that you can test the data recovery agent, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. Type the following command, replacing Volume with the drive letter of the BitLocker-protected drive you want to lock:

   Manage-bde –lock Volume :

   Do not close the Command Prompt window.

10. Now that the drive is locked, you can unlock it by using the data recovery agent. First, you need the certificate thumbprint of the data recovery agent. To find this, at the command prompt, type the following command, replacing Volume with the drive letter of the BitLocker-protected drive you want to unlock:

    Manage-bde –protectors –get Volume :

    The key protectors identified for the drive are displayed. Find the key protector identified as Data Recovery Agent (Certificate Based), and record the certificate thumbprint.

11. To unlock the drive, type the following command, replacing CertificateThumbprint with the actual certificate thumbprint of the data recovery agent recorded in the previous step:

    Manage-bde –unlock Volume : -cert –ct CertificateThumbprint -PIN

12. Enter your smart card PIN when prompted. The drive is unlocked.

By completing the procedures in this scenario, you have assigned data recovery agents to BitLocker and used a data recovery agent to unlock a BitLocker-protected drive.

 

Excerpt from : BitLocker Drive Encryption Step-by-Step Guide for Windows 7

 

 

Technorati Tags: Windows 7,Security,Bitlocker,BDE,Recovery,Data Protection

Microsoft RemoteFX – Finally here in SP1

Were you always missing the rich media experience while using Windows 7 in a virtualized environment? Were always wishing that the external devices like USB sticks attached to the client could work seamlessly with the virtual system? All this and much more… is finally here.

With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today’s most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

To use RemoteFX, the virtualization server must be running Windows Server 2008 R2 with SP1, the virtual machine must be running Windows 7 Enterprise with SP1 or Windows 7 Ultimate with SP1, and the remote client computer must be running either Windows Server 2008 R2 with SP1 or Windows 7 with SP1. To connect to the virtual machine, the remote client computer requires an updated version of Remote Desktop Services (included in the service pack for all editions of Windows 7).

My Blog has been shifted

This blog has been shifted to http://blogs.technet.com/ranjanajain with immediate effect.

 

Hope you will keep enjoying my posts on my new blog page too!!